thmhoag / arkserver

Docker image for a dedicated ARK Server with ArkManager.
MIT License
121 stars 43 forks

arkserver docker image has sudo security issue CVE-2021-3156 - please provide new image #32

Open maecki-maecki opened 3 years ago

maecki-maecki commented 3 years ago

Description of Issue

CVE-2021-3156 means sudo is exploitable - this is fixed in xenial, but the arkserver/steamcmd image has to be rebuilt/republished for the fix to be included ...

https://ubuntu.com/security/CVE-2021-3156

jkread commented 3 years ago

I haven't had any luck getting a response to anything for a while. I forked and have fixed a few of the outstanding issues.

https://github.com/jkread/arkserver

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

thmhoag commented 3 years ago

Sorry for the delay here @maecki-maecki. Do you have a link to the description of that CVE for posterity? Happy to re-open and address the issue but I wasn't able to find any specifics when I searched for that CVE number.

maecki-maecki commented 3 years ago

https://ubuntu.com/security/CVE-2021-3156

Sorry, had a duplicate digit in that number ... Updated first comment, too

thmhoag commented 3 years ago

Thanks @maecki-maecki, all good. I'm re-opening this; it should be a pretty straightforward fix with an update to the base image.

Linking the base image for posterity: https://github.com/thmhoag/steamcmd

Gornoka commented 1 year ago

I updated the base image and build pipeline on my fork, if this is still relevant to you @maecki-maecki. https://github.com/Gornoka/arkserver